Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

ADSI - The server is unwilling to process the request

Status
Not open for further replies.
ThunderForest

ThunderForest

IS-IT--Management
Mar 3, 2003
189
US
Sorry, didn't mean to double-post. This seems to be more of an Active Directory expert question, so hopefully I have the right forum. I've written a lightweight Active Directory management program that modifies user attributes, adds and removes groups, and disables user accounts. Everything works fine except this scenario, where I receive the "The server is unwilling to process the request" error:

When I bind to groupFrom:

Code: 
LDAP://Domain.abc.cde/CN=GroupFrom,CN=Location1,CN=Users,DC=abc,DC=cde
I can't add it to groupTo:

Code: 
LDAP://Domain.abc.cde/CN=GroupTo,CN=Recipients,CN=Users,DC=abc,DC=cde

Note the difference in paths. I've narrowed down the problem as being due to some difference between CN=Location1 and CN=Recipients, but I don't know why it's a problem. I have domain admin rights.

On the other hand, if I bind to GroupA:

Code: 
LDAP://Domain.abc.cde/CN=GroupA,CN=Recipients,CN=Users,DC=abc,DC=cde

and add that to GroupB:

Code: 
LDAP://Domain.abc.cde/CN=GroupB,CN=Recipients,CN=Users,DC=abc,DC=cde

The paths are identical and it works just fine. It seems I can add a group to a group or a user to a group, but only if the LDAP path is the same in both. What AD restriction, if any, am I not understanding? Can you only add an object that has the same LDAP path as the container you bind to?

My application code is standard:

Code: 
grp:= GetObject(groupAStr) as IADsGroup;
grp.Add(groupBStr);

Thanks.


Getting answers before I'm asked.
Providing answers if I can.
 
Sort by date Sort by votes
Thank you for your reply.

GroupFrom is universal (8) distribution and GroupTo is global (2) distribution. As far as nesting goes, do you mean like other groups in GroupFrom? There is also a type 8 group in GroupFrom.

Getting answers before I'm asked.
Providing answers if I can.
 
Upvote 0 Downvote
Thanks very much for your help. Changing the group type from Global to Universal for the GroupTo group did the trick. Both are now Universal. Am I correct by saying you can't add a global to a universal?

Getting answers before I'm asked.
Providing answers if I can.
 
Upvote 0 Downvote
Global Groups can be made members of any local group or domain local group. Can be made members of universal groups in the same forest. And can contain other global groups when the domain is in Windows 2000 native ro Windows 2003 functional levels.

Universal Groups can include members from any domain in the forest, including global groups and other local groups.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at
 
Upvote 0 Downvote
Very helpful indeed. Thanks again.

Getting answers before I'm asked.
Providing answers if I can.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

mangentle
  • Locked
  • Question
What could be the potential causes if a Microsoft Windows Server is experiencing slow network!
Replies
1
Views
1K
gbaughma
gbaughma
MaioMaio
  • Locked
  • Question
Server Remote Desktop License
Replies
0
Views
509
MaioMaio
MaioMaio
Aquiles Vidal
  • Locked
  • Question
Web Browsers in Windows Server or Terminal Server
Replies
0
Views
671
Aquiles Vidal
Aquiles Vidal
mangentle
  • Locked
  • Question
What are the key advantages of using Microsoft Windows Servers for businesses?
Replies
1
Views
1K
gbaughma
gbaughma
nukeinfer
  • Locked
  • Question
Internet restrictions for isolated PCs in the Network
Replies
1
Views
607
mangentle
mangentle

Part and Inventory Search

Sponsor

Back
Top